According to a report by Computer Weekly, the Information Commissioner's Office (ICO) has dealt with more data breach reports and issued more fines in the past year than ever before.
Data breach reports are at a record high
This is a big improvement from two years ago, when a report, also by Computer Weekly revealed that an estimated 92% of data breaches go unreported to the ICO.
A half of all information security breaches are due to human error, more often than not, by people not understanding the policy.
With tougher penalties of up to €20m or 4% of global annual turnover on the way as a result of the GDPR, there has never been a bigger incentive to get data security right.
Top tips to improve your data security and reporting:
- Familiarise yourself with your company's IT, information security, privacy and confidentiality rules and related policies - You can't fully protect yourself and your firm if you don't know what to do
- Be clear about your responsibilities - Know what data you are responsible for, what you are allowed to do with it and what you aren't
- Take extra care when taking data offsite - Only do this if it is absolutely essential; make sure that any data is encrypted or password-protected; and ensure that it's returned or deleted after use
- Only use secure networks to access or transfer your firm's data - Accessing your company's network via a public WiFi hotspot in a cafe will make you more vulnerable
- Only share information on a 'need to know' basis - Avoid forwarding data to groups of people and take care typing email addresses to avoid sending data to the wrong recipient
- Understand and check document classifications (eg - Private, Confidential, Public, etc) and privileges - Even people in the same department or function may have different access rights so check who is entitled to what and how documents are classified before sharing them
- Follow the password rules - Use strong passwords and change them regularly; avoid sharing your password with anyone else as your password may give others access to restricted information
- Only use work devices to access information related to your firm - Avoid forwarding data to your personal email or smartphone
- If you're not sure how to protect your firm's data, ask - You can get more advice and support from the IT department or your manager
- Never conceal data losses or breaches - If you make a mistake, tell your manager or IT department immediately so your firm can act quickly to limit their losses
Want to know more about Information Security?
As well as 50+ free compliance training aids, we regularly publish informative Information Security blogs. And, if you're looking for a compliance training solution, why not visit our Compliance Essentials course library.
If you've any further questions or concerns about Information Security, just leave us a comment below this blog. We are happy to help!
Leave a comment